From 350394353fac9901b7abbc88ba164b7cfc45e98d Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sat, 24 Oct 2020 09:48:07 +0200 Subject: gnutls_psk_set_server_credentials_file: document the file format Signed-off-by: Daiki Ueno --- lib/psk.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/psk.c b/lib/psk.c index 6ea3adb63c..e5f2b05311 100644 --- a/lib/psk.c +++ b/lib/psk.c @@ -231,6 +231,11 @@ gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t * * #gnutls_psk_server_credentials_t type. This password file * holds usernames and keys and will be used for PSK authentication. * + * Each entry in the file consists of a username, followed by a colon + * (':') and a hex-encoded key. If the username contains a colon or + * any other special character, it can be hex-encoded preceded by a + * '#'. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise * an error code is returned. **/ -- cgit v1.2.1 From ee6ef0d4ad9cf27a8b920df9b7c0ba3dbaea112e Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 26 Oct 2020 15:42:22 +0100 Subject: bootstrap.conf: exercise more tests from Gnulib This fixes the build failure with -Werror: configure:53786: gcc -o conftest -O0 -Wall -Werror -g3 conftest.c -lev >&5 conftest.c:412: error: "GNULIB_STRERROR" redefined [-Werror] 412 | #define GNULIB_STRERROR 1 | conftest.c:305: note: this is the location of the previous definition 305 | #define GNULIB_STRERROR IN_GNUTLS_GNULIB_TESTS | cc1: all warnings being treated as errors as well as improves code coverage. Suggested by Bruno Haible in: . Signed-off-by: Daiki Ueno --- .gitlab-ci.yml | 2 +- bootstrap.conf | 14 ++++++++------ configure.ac | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 82f52e5365..f09ebbf075 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -686,7 +686,7 @@ Debian.cross.i686-linux-gnu: - export CC_FOR_BUILD="ccache gcc" - export CC="ccache $host-gcc" - ./bootstrap - - sed -i '/errno.==.EINVAL/d' gl/tests/test-strerror.c + - sed -i '/errno.==.EINVAL/d' src/gl/tests/test-strerror.c - mkdir -p build - cd build # Debian's softhsm package is not multiarch yet. Missing softhsm libraries diff --git a/bootstrap.conf b/bootstrap.conf index 8f7da96fd1..0f5bb9ae1b 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -19,16 +19,18 @@ source_base=gl tests_base=gl/tests m4_base=m4 gnulib_name=libgnu -gnulib_tool_option_extras="--with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2" +gnulib_tool_option_extras="--without-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2" use_libtool=1 checkout_only_file= local_gl_dir=gl/override/ required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle devel/libtasn1" -# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca attribute byteswap c-ctype extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat threadlib time_r unistd vasprintf verify vsnprintf warnings - +# Those modules are common to lib/ and src/. +common_modules=" +alloca attribute byteswap c-ctype c-strcase fopen-gnu func getline gettext-h gettimeofday hash hash-pjw-bare arpa_inet inet_ntop inet_pton intprops memmem-simple minmax netdb netinet_in read-file secure_getenv setsockopt snprintf stdint stpcpy strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types threadlib time_r unistd valgrind-tests vasprintf verify vsnprintf +" gnulib_modules=" -alloca attribute byteswap c-ctype c-strcase extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv setsockopt snprintf stdint stpcpy strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types threadlib time_r unistd valgrind-tests vasprintf verify vsnprintf warnings +$common_modules extensions gendocs havelib ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings pmccabe2html warnings " unistring_modules=" @@ -36,7 +38,7 @@ unictype/category-all unictype/property-default-ignorable-code-point unictype/pr " src_modules=" -accept bind close connect getaddrinfo getpass gettext-h arpa_inet inet_ntop inet_pton inttypes listen linked-list minmax parse-datetime progname read-file recv recvfrom select send sendto servent setsockopt shutdown socket sockets socklen stpcpy xalloc xlist xsize +$common_modules accept bind close connect getaddrinfo getpass inttypes listen linked-list parse-datetime progname read-file recv recvfrom select send sendto servent setsockopt shutdown socket sockets socklen xalloc xlist xsize " # Build prerequisites @@ -95,7 +97,7 @@ bootstrap_post_import_hook () ${GNULIB_SRCDIR}/gnulib-tool --import --local-dir=lib/unistring/override --lib=libunistring --source-base=lib/unistring --m4-base=lib/unistring/m4 --doc-base=doc --aux-dir=build-aux --lgpl=3orGPLv2 --no-conditional-dependencies --libtool --without-tests --macro-prefix=unistring ${unistring_modules} - ${GNULIB_SRCDIR}/gnulib-tool --import --local-dir=src/gl/override --lib=libgnu_gpl --source-base=src/gl --m4-base=src/gl/m4 --doc-base=doc --aux-dir=build-aux --no-conditional-dependencies --libtool --macro-prefix=ggl --without-tests --no-vc-files ${src_modules} + ${GNULIB_SRCDIR}/gnulib-tool --import --local-dir=src/gl/override --lib=libgnu_gpl --source-base=src/gl --m4-base=src/gl/m4 --doc-base=doc --tests-base=src/gl/tests --aux-dir=build-aux --no-conditional-dependencies --libtool --macro-prefix=ggl --with-tests --no-vc-files ${src_modules} # git -C ${GNULIB_SRCDIR} reset --hard diff --git a/configure.ac b/configure.ac index e485699f30..42e3c0bc3f 100644 --- a/configure.ac +++ b/configure.ac @@ -1209,7 +1209,6 @@ AC_CONFIG_FILES([ libdane/includes/Makefile libdane/gnutls-dane.pc gl/Makefile - gl/tests/Makefile guile/Makefile guile/src/Makefile lib/Makefile @@ -1231,6 +1230,7 @@ AC_CONFIG_FILES([ src/Makefile src/args-std.def src/gl/Makefile + src/gl/tests/Makefile tests/Makefile tests/windows/Makefile tests/cert-tests/Makefile -- cgit v1.2.1 From 8d84c6d7b04bafebb43ecfd268677a180a3c9233 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sat, 24 Oct 2020 10:23:03 +0200 Subject: psktool: encode username if it contains special character This also moves the hex encoding of key to write_key for readability and makes file stream closing robuster. Signed-off-by: Daiki Ueno --- bootstrap.conf | 2 +- src/psk.c | 102 +++++++++++++++++++++++++++++++++++++++------------------ 2 files changed, 71 insertions(+), 33 deletions(-) diff --git a/bootstrap.conf b/bootstrap.conf index 0f5bb9ae1b..9e5a834cb5 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -38,7 +38,7 @@ unictype/category-all unictype/property-default-ignorable-code-point unictype/pr " src_modules=" -$common_modules accept bind close connect getaddrinfo getpass inttypes listen linked-list parse-datetime progname read-file recv recvfrom select send sendto servent setsockopt shutdown socket sockets socklen xalloc xlist xsize +$common_modules accept bind close close-stream connect getaddrinfo getpass inttypes listen linked-list parse-datetime progname read-file recv recvfrom select send sendto servent setsockopt shutdown socket sockets socklen xalloc xlist xsize " # Build prerequisites diff --git a/src/psk.c b/src/psk.c index 6f77c6f285..b79401cf16 100644 --- a/src/psk.c +++ b/src/psk.c @@ -37,11 +37,13 @@ int main(int argc, char **argv) #include #include #include +#include #include #include #include /* for random */ +#include #include #include @@ -54,9 +56,11 @@ int main(int argc, char **argv) /* Gnulib portability files. */ #include +#include "close-stream.h" #include "getpass.h" -static int write_key(const char *username, const char *key, int key_size, +static int write_key(const char *username, + const unsigned char *key, size_t key_size, const char *passwd_file); #define MAX_KEY_SIZE 512 @@ -67,11 +71,8 @@ int main(int argc, char **argv) struct passwd *pwd; #endif unsigned char key[MAX_KEY_SIZE]; - char hex_key[MAX_KEY_SIZE * 2 + 1]; - int key_size; - gnutls_datum_t dkey; + size_t key_size; const char *passwd, *username; - size_t hex_key_size = sizeof(hex_key); if ((ret = gnutls_global_init()) < 0) { fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret)); @@ -123,16 +124,7 @@ int main(int argc, char **argv) exit(1); } - dkey.data = key; - dkey.size = key_size; - - ret = gnutls_hex_encode(&dkey, hex_key, &hex_key_size); - if (ret < 0) { - fprintf(stderr, "HEX encoding error\n"); - exit(1); - } - - ret = write_key(username, hex_key, hex_key_size, passwd); + ret = write_key(username, key, key_size, passwd); if (ret == 0) printf("Key stored to %s\n", passwd); @@ -175,19 +167,18 @@ static int filecopy(const char *src, const char *dst) } static int -write_key(const char *username, const char *key, int key_size, +write_key(const char *username, const unsigned char *key, size_t key_size, const char *passwd_file) { FILE *fp; char line[5 * 1024]; char *p, *pp; char tmpname[1024]; - - - /* delete previous entry */ + gnutls_datum_t tmp, _username = { NULL, 0 }, _key = { NULL, 0 }; struct stat st; FILE *fp2; - int put; + bool put; + int ret = 0; if (strlen(passwd_file) + 5 > sizeof(tmpname)) { fprintf(stderr, "file '%s' is tooooo long\n", passwd_file); @@ -223,8 +214,49 @@ write_key(const char *username, const char *key, int key_size, return -1; } - put = 0; - do { + /* encode username if it contains special characters */ + if (strcspn(username, ":\n") != strlen(username)) { + char *new_data; + + tmp.data = (void *)username; + tmp.size = strlen(username); + + ret = gnutls_hex_encode2(&tmp, &_username); + if (ret < 0) { + fprintf(stderr, "HEX encoding error\n"); + ret = -1; + goto out; + } + + /* prepend '#' */ + new_data = gnutls_realloc(_username.data, _username.size + 2); + if (!new_data) { + ret = -1; + goto out; + } + memmove(_username.data + 1, _username.data, _username.size); + new_data[0] = '#'; + new_data[_username.size] = '\0'; + _username.data = (void *)new_data; + _username.size += 1; + } else { + _username.data = (void *)strdup(username); + _username.size = strlen(username); + } + + /* encode key */ + tmp.data = (void *)key; + tmp.size = key_size; + + ret = gnutls_hex_encode2(&tmp, &_key); + if (ret < 0) { + fprintf(stderr, "HEX encoding error\n"); + ret = -1; + goto out; + } + + put = false; + while (true) { p = fgets(line, sizeof(line) - 1, fp2); if (p == NULL) break; @@ -233,28 +265,34 @@ write_key(const char *username, const char *key, int key_size, if (pp == NULL) continue; - if (strncmp(p, username, - MAX(strlen(username), + if (strncmp(p, (const char *) _username.data, + MAX(_username.size, (unsigned int) (pp - p))) == 0) { - put = 1; - fprintf(fp, "%s:%s\n", username, key); + put = true; + fprintf(fp, "%s:%s\n", _username.data, _key.data); } else { fputs(line, fp); } } - while (1); - if (put == 0) { - fprintf(fp, "%s:%s\n", username, key); + if (!put) { + fprintf(fp, "%s:%s\n", _username.data, _key.data); + } + + out: + if (close_stream(fp) == EOF) { + fprintf(stderr, "Error writing %s: %s\n", + passwd_file, strerror(errno)); + ret = -1; } - fclose(fp); fclose(fp2); (void)remove(tmpname); + gnutls_free(_username.data); + gnutls_free(_key.data); - - return 0; + return ret; } #endif /* ENABLE_PSK */ -- cgit v1.2.1 From ff2a662482a21b0369a6e1aac6e3c36f6d58c024 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sun, 25 Oct 2020 08:36:57 +0100 Subject: mini-record-timing: use only async-signal-safe functions in handler Signed-off-by: Daiki Ueno --- tests/suite/mini-record-timing.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/tests/suite/mini-record-timing.c b/tests/suite/mini-record-timing.c index 093f3d5d32..4cdd78f472 100644 --- a/tests/suite/mini-record-timing.c +++ b/tests/suite/mini-record-timing.c @@ -495,11 +495,30 @@ static void ch_handler(int sig) wait(&status); if (WEXITSTATUS(status) != 0 || (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) { - if (WIFSIGNALED(status)) - fprintf(stderr, "Child died with sigsegv\n"); - else - fprintf(stderr, "Child died with status %d\n", - WEXITSTATUS(status)); + /* This code must be async-signal-safe. */ + if (WIFSIGNALED(status)) { + const char msg[] = "Child died with sigsegv\n"; + write(STDERR_FILENO, "Child died with sigsegv\n", sizeof(msg)); + } else { + char buf[64] = { 0 }; + char *p; + + p = stpcpy(buf, "Child died with status "); + + status = WEXITSTATUS(status) & 0377; + if (status > 100) { + *p++ = '0' + status / 100; + status %= 100; + } + if (status > 10) { + *p++ = '0' + status / 10; + status %= 10; + } + *p++ = '0' + status; + *p++ = '\n'; + + write(STDERR_FILENO, buf, p - buf); + } } return; } -- cgit v1.2.1 From e6f959a70235aaf2c31f719d66ff085f1ac85414 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 26 Oct 2020 16:32:59 +0100 Subject: srptool: fix FILE pointer leak Signed-off-by: Daiki Ueno --- src/srptool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/srptool.c b/src/srptool.c index 7da14afa6c..a9715e6a37 100644 --- a/src/srptool.c +++ b/src/srptool.c @@ -529,6 +529,7 @@ crypt_int(const char *username, const char *passwd, int salt_size, p = fgets(line, sizeof(line) - 1, fp); } while (p != NULL && atoi(p) != uindex); + fclose(fp); if (p == NULL) { fprintf(stderr, "Cannot find entry in %s\n", tpasswd_conf); @@ -536,7 +537,6 @@ crypt_int(const char *username, const char *passwd, int salt_size, } line[sizeof(line) - 1] = 0; - fclose(fp); if ((iindex = read_conf_values(&g, &n, line)) < 0) { fprintf(stderr, "Cannot parse conf file '%s'\n", tpasswd_conf); -- cgit v1.2.1